The normal day-to-day as an MSP is often challenging enough. When emergencies arise and your customers look to you to help them maintain business continuity, the best strategy is to rely on well-defined and pre-established plans and procedures. But every customer’s needs are unique, and you may not have gotten around to writing up a plan for each of them.
The first step in managing the changes and rapid response that a crisis demands is to gather the data you need to maintain the confidentiality, integrity, and availability of your customers' systems while adapting to the situation.
To help you collect that information quickly, Liongard has put together a playbook for gathering the data you need and tracking the changes your team makes as you navigate your customers through troubled times.
Tech-heavy companies, or those with partially distributed workforces, will already have some basic framework for remote work: for example, a conferencing strategy for remote meetings, VPN connectivity, etc.
Other companies will not have any technology or processes in place for that kind of distributed work.
Key Question: Are we augmenting existing technology and processes for this client? Or is this all new?
If key applications and services are inside the firewall, VPN connectivity and sufficient bandwidth at the main office or data center location to operate 100% remotely will be key.
If legacy applications are involved, they won’t necessarily work well via VPN. In this case, Remote Desktop or VDI will be crucial.
If everything is web-based or in the cloud, VPN may be much less important. But cloud solutions have their own set of questions: What additional licenses may be required to effectively serve the entire client base? Which employees who relied on communal resources while in the office now need individual solutions?
Identify which server(s) key applications are running on. Use Liongard's Windows Server Inspector to identify installed software, remote user access groups, and more.
Attempt to establish a simple set of requirements/tests for remote workers to test their internet connectivity. If there is a minimum standard below which things will not work well, communicate those requirements ASAP, so employees can work with their ISPs for necessary upgrades.
Consider the following questions:
- Will some employees be forced to work from personal machines?
  - If so, what additional antivirus and management packages need to be provided to maintain an acceptable level of security?
- Will new “stealth IT” cloud-based tools come into play to enable collaboration?
  - If so, which use cases are most business-critical and, for those business-critical functions, what options might you be able to roll out quickly to manage things as well as possible?
- Will lack of fast, reliable access to centralized storage drive key data out of “official” locations to workstations, personal computers, etc.?
Consider the following questions:
- What processes happen infrequently (e.g., monthly) that might be overlooked?
- What teams have different requirements than the majority of users?
  - Dev/Engineering teams with lab networks
  - Finance/Exec teams with private storage locations
When a business unexpectedly requires their staff to work remotely, we recommend assessing the following Liongard views and details.
Details of the information available in all of our Inspectors can be found in our System Inspector Summary.
- Audit for RDP port forwards or other rules that enable remote access without sufficient security
- Audit for firewall rules allowing outside access directly to applications (e.g., web applications) and understand how those applications are used
- Determine if connectivity is mediated by local user accounts or an external directory (e.g., Active Directory)
  - If an external directory, what security group or mechanism allows remote access?
- Determine whether the device has sufficient licensing for the number of concurrent VPN users likely to be using it
- Determine whether the device has sufficient throughput and hardware performance (e.g., encryption throughput) to support the number of required users
- Ensure that MFA is enabled for user accounts, if available
Liongard is already capturing changes to your firewall's configuration, so you have a safety net for any changes that you make. You may also want to take a full, restorable backup of the device before making major changes.
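The first two audit items above can be scripted once the firewall rules are in a uniform shape. The following is an added example, not Liongard code or output: the rule schema, rule names, and addresses are constructed assumptions standing in for whatever export your firewall or inspector provides.

```python
# Added example: flag firewall rules that expose remote access or applications.
# The rule schema is an assumption (a normalized export), not a Liongard format.
import ipaddress

REMOTE_ADMIN_PORTS = {3389: "RDP", 22: "SSH", 5900: "VNC", 23: "Telnet"}
WEB_PORTS = {80, 443, 8080, 8443}

# Constructed sample rules (documentation and private address ranges only).
RULES = [
    {"name": "rdp-to-ts01", "action": "allow", "src": "0.0.0.0/0",
     "dst_port": 3389, "forward_to": "10.0.0.20"},
    {"name": "vpn-ipsec", "action": "allow", "src": "0.0.0.0/0",
     "dst_port": 500, "forward_to": None},
    {"name": "erp-web", "action": "allow", "src": "0.0.0.0/0",
     "dst_port": 443, "forward_to": "10.0.0.30"},
    {"name": "rdp-from-hq", "action": "allow", "src": "203.0.113.0/29",
     "dst_port": 3389, "forward_to": "10.0.0.20"},
    {"name": "old-vnc", "action": "deny", "src": "0.0.0.0/0",
     "dst_port": 5900, "forward_to": "10.0.0.40"},
]

def is_any_source(cidr):
    """True when the source network covers every address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_rules(rules):
    """Return sorted (severity, rule name, reason) tuples for allow rules."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue  # deny rules do not expose anything
        port = r["dst_port"]
        if port in REMOTE_ADMIN_PORTS:
            # Remote admin open to everyone is urgent; a restricted source
            # still deserves a check that the allowed range is current.
            sev = "high" if is_any_source(r["src"]) else "review"
            reason = f"{REMOTE_ADMIN_PORTS[port]} reachable from {r['src']}"
            findings.append((sev, r["name"], reason))
        elif port in WEB_PORTS and r["forward_to"] and is_any_source(r["src"]):
            reason = f"application at {r['forward_to']}:{port} published directly"
            findings.append(("review", r["name"], reason))
    return sorted(findings)  # "high" sorts before "review"

if __name__ == "__main__":
    for severity, name, reason in audit_rules(RULES):
        print(f"[{severity}] {name}: {reason}")
```
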
Details of the information available in our Microsoft 365 inspector can be found in the Microsoft 365 section of our System Inspector Summary.
- Do you have sufficient quantities and types of licenses for the work your customers need to do remotely?
  - Installation of local applications of Microsoft 365 where necessary
  - Access to SharePoint
  - Azure AD licenses for additional security and access control policies
- What are the approved video and chat conferencing tools?
- Who are admins and what rights do users have?
- What are the approved file-sharing tools?
- Test our Box.com Inspector
You may need to rapidly purchase and provision new laptops and other mobile devices. Consider the following questions:
- What management tools (MDM software) do you have in place? Do you have Intune from Microsoft?
- Are devices encrypted?
- AV Inspector: Does the client have AV installed?
- Review devices listed in our AV solutions' Inspectors:
- Are device firewalls configured?
Details of the information available in our Active Directory inspector can be found in the Active Directory section of our System Inspector Summary.
- Perform a User Access Review using the Users and Groups data views
- Are any users' roles changing such that they need additional or reduced permissions?
- Determine which groups enable remote access
- Ensure that terminated staff are properly de-provisioned
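A user access review of this kind reduces to cross-checking a directory export against an HR termination list and the groups that grant remote access. The following is an added example, not Liongard code: the export fields, account names, and the `VPN-Users` group are constructed assumptions, and the MFA check assumes your export records MFA status per user.

```python
# Added example: cross-check a directory export against HR terminations.
# Field names and sample accounts are assumptions, constructed for illustration.

# Constructed directory export: one record per user.
USERS = [
    {"sam": "asmith", "enabled": True, "mfa": True,
     "groups": ["VPN-Users", "Finance"]},
    {"sam": "bjones", "enabled": True, "mfa": False,
     "groups": ["VPN-Users"]},
    {"sam": "cdoe", "enabled": True, "mfa": True,
     "groups": ["Remote Desktop Users"]},
    {"sam": "dlee", "enabled": False, "mfa": False,
     "groups": ["VPN-Users"]},
    {"sam": "ekim", "enabled": True, "mfa": True,
     "groups": ["Engineering"]},
]
TERMINATED = {"cdoe", "dlee"}  # constructed HR termination list
REMOTE_GROUPS = {"VPN-Users", "Remote Desktop Users"}  # groups granting remote access

def access_review(users, terminated, remote_groups):
    """Report de-provisioning gaps and remote-access accounts lacking MFA."""
    report = {
        "terminated_still_enabled": [],
        "terminated_in_remote_group": [],
        "remote_without_mfa": [],
    }
    for u in users:
        remote = sorted(remote_groups.intersection(u["groups"]))
        if u["sam"] in terminated:
            if u["enabled"]:
                report["terminated_still_enabled"].append(u["sam"])
            if remote:
                # Disabled accounts are listed too: a lingering membership
                # restores access the moment the account is re-enabled.
                report["terminated_in_remote_group"].append((u["sam"], remote))
        elif u["enabled"] and remote and not u["mfa"]:
            report["remote_without_mfa"].append(u["sam"])
    return report

if __name__ == "__main__":
    for finding, entries in access_review(USERS, TERMINATED, REMOTE_GROUPS).items():
        print(f"{finding}: {entries}")
```
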
Microsoft 365: Watch for elevated occurrences of phishing email in general and pay particular attention to crisis-related phishing attempts.
Antivirus: Use Liongard's Metrics and data views to audit the complete deployment of security software to endpoints, and configure Actionable Alerts to keep track of infection issues and machines that are not checking in.
What compliance framework(s) is this customer subject to? And what specific rules around change controls and remote access and data storage are most critical for this customer?
Liongard's Inspectors regularly inspect systems and maintain a historical record of system configurations and changes. Refer to Liongard's Inspector timelines to keep track of changes that may need to be accounted for or reverted in the future.